To protect against attacks such as this, organizations should:
• Configure email clients to notify users when emails originate from outside the organization.
• Focus on cyber security awareness and training.
• Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
• Ensure Office applications are configured to disable all macros without notification.
• Pay special attention to warning notifications in email clients and Office applications.
• Implement monitoring of security events on employee workstations and servers, with a 24/7 Security Operations Center to detect threats and respond quickly.
https://www.bleepingcomputer.com/news/security/purecrypter-malware-hits-govt-orgs-with-ransomware-info-stealers/
